Return-Path: X-Original-To: apmail-ws-commits-archive@minotaur.apache.org Delivered-To: apmail-ws-commits-archive@minotaur.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 7D3F3635C for ; Sat, 23 Jul 2011 13:49:51 +0000 (UTC) Received: (qmail 39830 invoked by uid 500); 23 Jul 2011 13:49:51 -0000 Delivered-To: apmail-ws-commits-archive@ws.apache.org Received: (qmail 39793 invoked by uid 500); 23 Jul 2011 13:49:51 -0000 Mailing-List: contact commits-help@ws.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@ws.apache.org Delivered-To: mailing list commits@ws.apache.org Received: (qmail 39786 invoked by uid 99); 23 Jul 2011 13:49:50 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 23 Jul 2011 13:49:50 +0000 X-ASF-Spam-Status: No, hits=-2000.0 required=5.0 tests=ALL_TRUSTED X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Sat, 23 Jul 2011 13:49:45 +0000 Received: from eris.apache.org (localhost [127.0.0.1]) by eris.apache.org (Postfix) with ESMTP id 7ECDF238885D; Sat, 23 Jul 2011 13:49:23 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1150105 - in /webservices/wss4j/trunk/src: main/java/org/apache/ws/security/saml/ext/bean/ main/java/org/apache/ws/security/saml/ext/builder/ test/java/org/apache/ws/security/common/ test/java/org/apache/ws/security/saml/ Date: Sat, 23 Jul 2011 13:49:23 -0000 To: commits@ws.apache.org 
From: coheigea@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20110723134923.7ECDF238885D@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: coheigea Date: Sat Jul 23 13:49:22 2011 New Revision: 1150105 URL: http://svn.apache.org/viewvc?rev=1150105&view=rev Log: [WSS-296] - SubjectLocality is missing from AuthenticationStatementBean - Patch applied, thanks. - Also added in some tests. Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java?rev=1150105&r1=1150104&r2=1150105&view=diff ============================================================================== --- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java (original) +++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/AuthenticationStatementBean.java Sat Jul 23 13:49:22 2011 @@ -32,6 +32,8 @@ public class AuthenticationStatementBean private SubjectBean subject; DateTime authenticationInstant; private String authenticationMethod; + private SubjectLocalityBean subjectLocality; + private String sessionIndex; /** * Default constructor 
@@ -103,6 +105,42 @@ public class AuthenticationStatementBean public void setAuthenticationInstant(DateTime authenticationInstant) { this.authenticationInstant = authenticationInstant; } + + /** + * Get Subject Locality. + * + * @return the subjectLocality + */ + public final SubjectLocalityBean getSubjectLocality() { + return subjectLocality; + } + + /** + * Set Subject Locality. + * + * @param subjectLocality the subjectLocality to set + */ + public final void setSubjectLocality(final SubjectLocalityBean subjectLocality) { + this.subjectLocality = subjectLocality; + } + + /** + * Get the session index. + * + * @return the sessionIndex + */ + public final String getSessionIndex() { + return sessionIndex; + } + + /** + * Set the session index. + * + * @param sessionIndex the sessionIndex to set + */ + public final void setSessionIndex(final String sessionIndex) { + this.sessionIndex = sessionIndex; + } @Override public boolean equals(Object o) { @@ -131,6 +169,18 @@ public class AuthenticationStatementBean && !subject.equals(that.subject)) { return false; } + + if (subjectLocality == null && that.subjectLocality != null) { + return false; + } else if (subjectLocality != null && !subjectLocality.equals(that.subjectLocality)) { + return false; + } + + if (sessionIndex == null && that.sessionIndex != null) { + return false; + } else if (sessionIndex != null && !sessionIndex.equals(that.sessionIndex)) { + return false; + } return true; } 
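Review bot: The Javadoc on the new `setSessionIndex`/`getSessionIndex` accessors does not say that the value only reaches the wire for SAML 2.0 assertions — in this commit SAML2ComponentBuilder copies it into `AuthnStatement.setSessionIndex`, while SAML1ComponentBuilder never reads it, so a caller populating it on a SAML 1.1 bean gets it silently dropped. Suggest `@param sessionIndex the sessionIndex to set (SAML 2.0 only; the SAML 1.1 builder ignores it)` and the matching remark on the getter. As a point of style, the four new accessors are declared `final` whereas the existing `setAuthenticationInstant` just above them is not, and the class itself is not final; pick one convention for the class. The equals change in the second hunk on this line is consistent with the field additions and with the hashCode change that follows.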
@@ -140,6 +190,8 @@ public class AuthenticationStatementBean int result = subject != null ? subject.hashCode() : 0; result = 31 * result + (authenticationInstant != null ? authenticationInstant.hashCode() : 0); result = 31 * result + (authenticationMethod != null ? authenticationMethod.hashCode() : 0); + result = 31 * result + (subjectLocality != null ? subjectLocality.hashCode() : 0); + result = 31 * result + (sessionIndex != null ? sessionIndex.hashCode() : 0); return result; } } Added: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java?rev=1150105&view=auto ============================================================================== --- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java (added) +++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/bean/SubjectLocalityBean.java Sat Jul 23 13:49:22 2011 
@@ -0,0 +1,137 @@ +/** + * Licensed to the Apache Software Foundation (ASF) under one + * or more contributor license agreements. See the NOTICE file + * distributed with this work for additional information + * regarding copyright ownership. The ASF licenses this file + * to you under the Apache License, Version 2.0 (the + * "License"); you may not use this file except in compliance + * with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, + * software distributed under the License is distributed on an + * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY + * KIND, either express or implied. See the License for the + * specific language governing permissions and limitations + * under the License. + */ + +package org.apache.ws.security.saml.ext.bean; + +/** + * This class represents a SubjectLocality. + */ +public class SubjectLocalityBean { + + /** The ipAddress. */ + private String ipAddress; + + /** The DNS Address. */ + private String dnsAddress; + + /** + * Default constructor explicitly provided since other constructors would + * prevent its automatic creation. + */ + public SubjectLocalityBean() { + // + } + + /** + * Constructor for creating a SubjectLocalityBean with ip and dns addresses. + * + * @param ipAddress ip address + * @param dnsAddress dns address + */ + public SubjectLocalityBean(final String ipAddress, final String dnsAddress) { + this.ipAddress = ipAddress; + this.dnsAddress = dnsAddress; + } + + /** + * Get the ip address. + * + * @return the ipAddress + */ + public final String getIpAddress() { + return ipAddress; + } + + /** + * Set the ip address. + * + * @param ipAddress the ipAddress to set + */ + public final void setIpAddress(final String ipAddress) { + this.ipAddress = ipAddress; + } + + /** + * Get the dns address. 
+ * + * @return the dnsAddress + */ + public final String getDnsAddress() { + return dnsAddress; + } + + /** + * Set the dns address. + * + * @param dnsAddress the dnsAddress to set + */ + public final void setDnsAddress(final String dnsAddress) { + this.dnsAddress = dnsAddress; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(final Object o) { + if (this == o) { + return true; + } + + if (!(o instanceof SubjectLocalityBean)) { + return false; + } + + SubjectLocalityBean that = (SubjectLocalityBean) o; + + if (ipAddress == null && that.ipAddress != null) { + return false; + } else if (ipAddress != null && !ipAddress.equals(that.ipAddress)) { + return false; + } + + if (dnsAddress == null && that.dnsAddress != null) { + return false; + } else if (dnsAddress != null && !dnsAddress.equals(that.dnsAddress)) { + return false; + } + + return true; + } + + /* + * (non-Javadoc) + * + * @see java.lang.Object#hashCode() + */ + @Override + public int hashCode() { + int result = 0; + if (ipAddress != null) { + result = 31 * result + ipAddress.hashCode(); + } + if (dnsAddress != null) { + result = 31 * result + dnsAddress.hashCode(); + } + + return result; + } +} Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff ============================================================================== --- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java (original) +++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML1ComponentBuilder.java Sat Jul 23 13:49:22 2011 
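Review bot: `SubjectLocalityBean` stores `ipAddress` and `dnsAddress` verbatim with no format check, and the class Javadoc says nothing about how the values should be treated; the SAML specifications describe SubjectLocality as advisory (both values are supplied by whoever builds the assertion and are trivially spoofable), so consumers must not base access decisions on them. The test added in this commit passes `12.34.56.780` — not a valid IPv4 literal — and it lands in the assertion untouched, which illustrates that nothing on this path validates. Suggest extending the class comment to `This class represents a SubjectLocality. The ip and dns values are copied into the assertion as given (no format check); per SAML they are advisory only and must not be relied upon for authorization.` Minor: `hashCode` skips the `31 *` multiply when a field is null, unlike `AuthenticationStatementBean.hashCode` in this same commit; it still agrees with `equals`, but `result = 31 * result + (ipAddress != null ? ipAddress.hashCode() : 0);` (and likewise for `dnsAddress`) would match the sibling class.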
@@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b import org.apache.ws.security.saml.ext.bean.ConditionsBean; import org.apache.ws.security.saml.ext.bean.KeyInfoBean; import org.apache.ws.security.saml.ext.bean.SubjectBean; +import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean; import org.apache.ws.security.util.UUIDGenerator; import org.joda.time.DateTime; @@ -52,6 +53,7 @@ import org.opensaml.saml1.core.Evidence; import org.opensaml.saml1.core.NameIdentifier; import org.opensaml.saml1.core.Subject; import org.opensaml.saml1.core.SubjectConfirmation; +import org.opensaml.saml1.core.SubjectLocality; import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.schema.XSString; @@ -103,6 +105,8 @@ public class SAML1ComponentBuilder { private static SAMLObjectBuilder actionElementV1Builder; private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory(); + + private static SAMLObjectBuilder subjectLocalityBuilder; /** * Create a new SAML 1.1 assertion @@ -319,6 +323,10 @@ public class SAML1ComponentBuilder { authenticationStatementV1Builder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthenticationStatement.DEFAULT_ELEMENT_NAME); } + if (subjectLocalityBuilder == null) { + subjectLocalityBuilder = (SAMLObjectBuilder) + builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME); + } if (authBeans != null && authBeans.size() > 0) { for (AuthenticationStatementBean statementBean : authBeans) { 
@@ -342,6 +350,16 @@ public class SAML1ComponentBuilder { authenticationStatement.setAuthenticationMethod( transformAuthenticationMethod(statementBean.getAuthenticationMethod()) ); + + SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality(); + if (subjectLocalityBean != null) { + SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject(); + subjectLocality.setDNSAddress(subjectLocalityBean.getDnsAddress()); + subjectLocality.setIPAddress(subjectLocalityBean.getIpAddress()); + + authenticationStatement.setSubjectLocality(subjectLocality); + } + authenticationStatements.add(authenticationStatement); } } Modified: webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java?rev=1150105&r1=1150104&r2=1150105&view=diff ============================================================================== --- webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java (original) +++ webservices/wss4j/trunk/src/main/java/org/apache/ws/security/saml/ext/builder/SAML2ComponentBuilder.java Sat Jul 23 13:49:22 2011 @@ -28,6 +28,7 @@ import org.apache.ws.security.saml.ext.b import org.apache.ws.security.saml.ext.bean.ConditionsBean; import org.apache.ws.security.saml.ext.bean.KeyInfoBean; import org.apache.ws.security.saml.ext.bean.SubjectBean; +import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean; import org.apache.ws.security.util.UUIDGenerator; import org.joda.time.DateTime; @@ -55,6 +56,7 @@ import org.opensaml.saml2.core.NameID; import org.opensaml.saml2.core.Subject; import org.opensaml.saml2.core.SubjectConfirmation; import org.opensaml.saml2.core.SubjectConfirmationData; +import org.opensaml.saml2.core.SubjectLocality; import org.opensaml.xml.XMLObjectBuilderFactory; import org.opensaml.xml.schema.XSString; 
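Review bot: `statementBean.getSessionIndex()` is never consulted in this hunk, so a session index set on the bean is silently dropped for SAML 1.1 assertions while the SAML 2 builder later in this commit emits it; if that is deliberate (the SAML 1.1 AuthenticationStatement has no SessionIndex) a one-line comment would stop the next reader from treating it as an omission, e.g. `// SessionIndex is a SAML 2.0 concept; statementBean.getSessionIndex() is intentionally not used here.` Separately, `getDnsAddress()`/`getIpAddress()` are passed straight through, so a bean with both fields null produces an empty `<SubjectLocality/>` — apparently schema-valid since both attributes are optional, but probably unintended; the test callback handler only builds the bean when at least one value is non-null, and mirroring that guard here (`if (subjectLocalityBean != null && (subjectLocalityBean.getIpAddress() != null || subjectLocalityBean.getDnsAddress() != null))`) would keep the two in step. The enclosing method starts before this hunk.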
@@ -109,6 +111,8 @@ public class SAML2ComponentBuilder { private static SAMLObjectBuilder actionElementBuilder; private static XMLObjectBuilderFactory builderFactory = Configuration.getBuilderFactory(); + + private static SAMLObjectBuilder subjectLocalityBuilder; /** * Create a SAML 2 assertion @@ -253,13 +257,19 @@ public class SAML2ComponentBuilder { authnContextClassRefBuilder = (SAMLObjectBuilder) builderFactory.getBuilder(AuthnContextClassRef.DEFAULT_ELEMENT_NAME); } + if (subjectLocalityBuilder == null) { + subjectLocalityBuilder = (SAMLObjectBuilder) + builderFactory.getBuilder(SubjectLocality.DEFAULT_ELEMENT_NAME); + } - if (authBeans != null && authBeans.size() > 0) { for (AuthenticationStatementBean statementBean : authBeans) { AuthnStatement authnStatement = authnStatementBuilder.buildObject(); authnStatement.setAuthnInstant(statementBean.getAuthenticationInstant()); - //authnStatement.setSessionIndex("b07b804c-7c29-ea16-7300-4f3d6f7928ac"); + + if (statementBean.getSessionIndex() != null) { + authnStatement.setSessionIndex(statementBean.getSessionIndex()); + } AuthnContextClassRef authnContextClassRef = authnContextClassRefBuilder.buildObject(); authnContextClassRef.setAuthnContextClassRef( 
@@ -269,6 +279,15 @@ public class SAML2ComponentBuilder { authnContext.setAuthnContextClassRef(authnContextClassRef); authnStatement.setAuthnContext(authnContext); + SubjectLocalityBean subjectLocalityBean = statementBean.getSubjectLocality(); + if (subjectLocalityBean != null) { + SubjectLocality subjectLocality = subjectLocalityBuilder.buildObject(); + subjectLocality.setDNSName(subjectLocalityBean.getDnsAddress()); + subjectLocality.setAddress(subjectLocalityBean.getIpAddress()); + + authnStatement.setSubjectLocality(subjectLocality); + } + authnStatements.add(authnStatement); } } Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java?rev=1150105&r1=1150104&r2=1150105&view=diff ============================================================================== --- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java (original) +++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/common/AbstractSAMLCallbackHandler.java Sat Jul 23 13:49:22 2011 @@ -29,6 +29,7 @@ import org.apache.ws.security.saml.ext.b import org.apache.ws.security.saml.ext.bean.AuthDecisionStatementBean; import org.apache.ws.security.saml.ext.bean.KeyInfoBean; import org.apache.ws.security.saml.ext.bean.SubjectBean; +import org.apache.ws.security.saml.ext.bean.SubjectLocalityBean; import org.apache.ws.security.saml.ext.bean.KeyInfoBean.CERT_IDENTIFIER; import org.w3c.dom.Document; import org.w3c.dom.Element; 
@@ -59,6 +60,8 @@ public abstract class AbstractSAMLCallba protected byte[] ephemeralKey = null; protected String issuer = null; protected String subjectNameIDFormat = null; + protected String subjectLocalityIpAddress = null; + protected String subjectLocalityDnsAddress = null; public void setConfirmationMethod(String confMethod) { confirmationMethod = confMethod; @@ -88,6 +91,11 @@ public abstract class AbstractSAMLCallba this.subjectNameIDFormat = subjectNameIDFormat; } + public void setSubjectLocality(String ipAddress, String dnsAddress) { + this.subjectLocalityIpAddress = ipAddress; + this.subjectLocalityDnsAddress = dnsAddress; + } + /** * Note that the SubjectBean parameter should be null for SAML2.0 */ @@ -97,6 +105,12 @@ public abstract class AbstractSAMLCallba if (subjectBean != null) { authBean.setSubject(subjectBean); } + if (subjectLocalityIpAddress != null || subjectLocalityDnsAddress != null) { + SubjectLocalityBean subjectLocality = new SubjectLocalityBean(); + subjectLocality.setIpAddress(subjectLocalityIpAddress); + subjectLocality.setDnsAddress(subjectLocalityDnsAddress); + authBean.setSubjectLocality(subjectLocality); + } authBean.setAuthenticationMethod("Password"); callback.setAuthenticationStatementData(Collections.singletonList(authBean)); } else if (statement == Statement.ATTR) { Modified: webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java URL: http://svn.apache.org/viewvc/webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java?rev=1150105&r1=1150104&r2=1150105&view=diff ============================================================================== --- webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java (original) +++ webservices/wss4j/trunk/src/test/java/org/apache/ws/security/saml/SamlTokenTest.java Sat Jul 23 13:49:22 2011 
@@ -513,6 +513,88 @@ public class SamlTokenTest extends org.j } /** + * Test that creates, sends and processes an unsigned SAML 1.1 authentication assertion with + * a user-specified SubjectLocality statement. + */ + @org.junit.Test + public void testSAML1SubjectLocality() throws Exception { + SAML1CallbackHandler callbackHandler = new SAML1CallbackHandler(); + callbackHandler.setStatement(SAML1CallbackHandler.Statement.AUTHN); + callbackHandler.setIssuer("www.example.com"); + callbackHandler.setSubjectLocality("12.34.56.780", "test-dns"); + + SAMLParms samlParms = new SAMLParms(); + samlParms.setCallbackHandler(callbackHandler); + AssertionWrapper assertion = new AssertionWrapper(samlParms); + + WSSecSAMLToken wsSign = new WSSecSAMLToken(); + + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + + Document unsignedDoc = wsSign.build(doc, assertion, secHeader); + + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc); + if (LOG.isDebugEnabled()) { + LOG.debug("SAML 1.1 Authn Assertion (sender vouches):"); + LOG.debug(outputString); + } + assertTrue(outputString.contains("12.34.56.780")); + assertTrue(outputString.contains("test-dns")); + + List results = verify(unsignedDoc); + WSSecurityEngineResult actionResult = + WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED); + AssertionWrapper receivedAssertion = + (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + assertTrue(receivedAssertion != null); + assertTrue(!receivedAssertion.isSigned()); + } + + /** + * Test that creates, sends and processes an unsigned SAML 2 authentication assertion with + * a user-specified SubjectLocality statement. 
+ */ + @org.junit.Test + public void testSAML2SubjectLocality() throws Exception { + SAML2CallbackHandler callbackHandler = new SAML2CallbackHandler(); + callbackHandler.setStatement(SAML2CallbackHandler.Statement.AUTHN); + callbackHandler.setIssuer("www.example.com"); + callbackHandler.setSubjectLocality("12.34.56.780", "test-dns"); + + SAMLParms samlParms = new SAMLParms(); + samlParms.setCallbackHandler(callbackHandler); + AssertionWrapper assertion = new AssertionWrapper(samlParms); + + WSSecSAMLToken wsSign = new WSSecSAMLToken(); + + Document doc = SOAPUtil.toSOAPPart(SOAPUtil.SAMPLE_SOAP_MSG); + WSSecHeader secHeader = new WSSecHeader(); + secHeader.insertSecurityHeader(doc); + + Document unsignedDoc = wsSign.build(doc, assertion, secHeader); + + String outputString = + org.apache.ws.security.util.XMLUtils.PrettyDocumentToString(unsignedDoc); + if (LOG.isDebugEnabled()) { + LOG.debug("SAML 2 Authn Assertion (sender vouches):"); + LOG.debug(outputString); + } + assertTrue(outputString.contains("12.34.56.780")); + assertTrue(outputString.contains("test-dns")); + + List results = verify(unsignedDoc); + WSSecurityEngineResult actionResult = + WSSecurityUtil.fetchActionResult(results, WSConstants.ST_UNSIGNED); + AssertionWrapper receivedAssertion = + (AssertionWrapper) actionResult.get(WSSecurityEngineResult.TAG_SAML_ASSERTION); + assertTrue(receivedAssertion != null); + assertTrue(!receivedAssertion.isSigned()); + } + + /** * Verifies the soap envelope *

*